Embedded Firmware Security Lead
We are now looking for an Embedded Firmware Security Lead. […] Ways to stand out from the crowd:
* Experience with secure code quality practices and tooling to support quick engagements and rapid analysis – static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc)
* Experience with security incident response activities and penetration testing
* Experience with Ada/Spark language variant and formal proof verification a plus.
[…]
Month: July 2017
IBM OpenPower secure and trusted boot, Part 2
OpenPOWER secure and trusted boot, Part 2
Protecting system firmware with OpenPOWER secure boot
Making your system safe against boot code cyberattacks
Dave Heller and Nageswara Sastry
Published on June 05, 2017
This content is part 2 of 2 in the series: OpenPOWER secure and trusted boot. IBM® OpenPOWER servers offer two essential security features, trusted boot and secure boot, to help ensure the integrity of your server and safeguard against a boot code cyberattack. Trusted boot works by creating secure recordings, or measurements, of executable code as the system boots. Using a process known as remote attestation, you can retrieve these measurements securely and use them to verify the integrity of your firmware or target operating system (OS). Secure boot helps ensure the integrity of your OS and firmware as well. But rather than taking measurements for later examination, secure boot performs the validation in place, during boot, and will halt the boot process if the validation fails. These two features are complementary and work together to provide comprehensive protection of platform boot code. This article explores the secure boot method, with particular focus on protection of system firmware.[…]
https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/
Part 1 is from Feburary:
https://www.ibm.com/developerworks/linux/library/l-trusted-boot-openPOWER-trs/index.html?ca=drs-
UEFI-based IoT firmware updates
https://twitter.com/grjohnson10/status/880767835886301184
Simplify Secure, UEFI-Based IoT Firmware Updates
Rich Nass
In the age of the Internet of Things (IoT), where everything is becoming connected, each connection point can be viewed as a “Hack This” sign for the bad guys. To prevent this, developers need to be sure that all firmware and associated patches are kept up to date with verified and secure revision control. Any unpatched or outdated firmware can allow access to critical system functions. Unfortunately, this need to keep firmware updated often goes overlooked by the development team after a product has shipped. In many cases this is due to the resources required and complexities involved. But what if the whole process of updating and securing firmware remotely or over the air (OTA) could be standardized and encapsulated within an easy-to-use, reliable solution that works seamlessly with your underlying hardware? It turns out that such a solution is already in hand.[…]
http://www.insight.tech/industrial/simplify-secure-uefi-based-iot-firmware-updates
Nikolaj on recent UEFI/ACPI spec updates
[[[UPDATE:
William’s blog post on Nikolaj’s comments are more readable than below post:
http://www.basicinputoutput.com/2017/07/uefi-27-courtesy-of-nikolaj.html
]]
Nikolaj has over a dozen tweets showcasing the interesting new features in the latest UEFI and ACPI specs. Click on the above Twitter URL to see the full set.
UDK2017 available
Brian Richardson of Intel has a new article talking about the latest UEFI dev kit. It includes a summary of the newly-added UEFI features.
https://github.com/tianocore/edk2/releases/tag/vUDK2017
https://github.com/tianocore/tianocore.github.io/wiki/UDK2017#udk2017-features–updates–changes
OpenSuCo 2017: Workshop on Open Source Supercomputing
OpenSuCo 2017, the 2017 International Workshop on Open Source Supercomputing, just happened. PDFs of many — but not all — of the presentations are available!
The OpenSuCo Workshop seeks to encapsulate a wealth of effort in design, prototyping, and cross-functional collaboration of open source hardware, software, and scientific computing projects in a singular point of technical discussion and exchange.
Open Source Silicon – Challenges, Opportunities, and Predictions
Generation and Reconfiguration of Accelerators for Data Center
Breaking the 4th Wall: Reducing the Datacenter to a SoC
CloudLightning and the OPM-based Use Case
Fundamentals of OmpSs
Efficient Programming for Multicore Processor Heterogeneity: OpenMP versus OmpSs
Taking PBS Pro Open Source: From Crazy Decision to Early Operational Success
HermitCore: A Library Operating System for Cloud and High-Performance Computing
Best GPU Code Practices Combining OpenACC, CUDA, and OmpSs
http://www.opensuco.community/2017/01/30/isc17-opensuco-2017/
ebook: Using UEFI Instead of BIOS
I just noticed there’s a new Amazon Kindle eBook on UEFI/BIOS, apparently first published in September 2016:
What You Need to Know About Using UEFI Instead of the BIOS and what is Different ?!
by Mohandes kahraba
ASIN: B072KRSLNR
Kindle eBook
Length: 30 pages
Firmware Security 